General
Target: siri_active_2
Size: 2.6MB
Sample: 201111-wdeh8d4lqa
MD5: 3d0756f3fa6d259adbddb73baf1fb23b
SHA1: 2780840b4c4fd06e0a9fef8e6392aae3065b2e4d
SHA256: 1c7b6dfdbd6117dd089c5e7df2dd6e61a36d1878dbe61e1c2d91f44da2da14fc
SHA512: 4dccaa3913f7326e65e2e803af90bb799f2f5045245a10f382d9000186a93d1af1cd668d60f16ee27cef43bdc966efb67b7c844c58b9ec2829552327f6a56084
Static task: static1
Behavioral task: behavioral1
Sample: siri_active_2.exe
Resource: win7v20201028
Malware Config
Extracted
danabot
92.204.160.126
193.34.166.26
93.115.22.159
93.115.22.165
185.227.138.52
Targets
Danabot x86 payload: Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL